Manages a staff of risk officers at various levels, with direct accountability for hiring and organizational structure. Has direct oversight for compensation, performance appraisals, staff development, training, etc. Provides input on performance and compensation recommendations for risk officers and utilities that provide risk related services on a matrix basis.
Accountable for internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi’s first line defenses.
Evaluates the design of controls and communicate the impact of control weaknesses to first line teams and control implementers.
Oversight of the establishment and implementation of compliance andtechnology and cyberpolicies and procedures, technology and tools, and governance processes for the coverage domains.
Governance and oversight oftechnology and cyberrisk while supporting the development of policy and standards; oversight of Key Operational Risks; challenge risk self-assessments and scenario analysis; issue management oversight and escalations.
Provides leadership to the Second Line influence, advisory and challenge of operational security capability domains including security incident management, vulnerability management andtechnology and cyberthreat intelligence.
Represents TCCORO in various steering committees, working groups and councils relevant to the functional area.
Actively engaged in the industry on the latest intechnology and cyberrisk, and emerging operational risks.
Oversight of planning, and implementation oftechnology and cyberprograms including their governance, identification of risks and controls.
Implementation of guidance for overseeingtechnology and cyberoperational risks, aligned with OCC Heightened Standards and other global regulations.
Able to present and lead discussions with key regulators, and internal and external auditors.
Advises on best practices leveraging expertise and industry insights.
Reviews and challenges coverage area appropriately consider significant operational risk in their Management Control Assessments (MCAs).
Evaluates the extent to which first line of defense is aligned with internal and external control standards, as well as regulatory and audit requirements.
Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.
Qualifications:
15+ years relevant technical experience and experience managing a team of professionals.
Experience in an independent second line (Risk) or third line (Internal Audit) functions evaluating large scale technology development and deliveries.
Experience in analyzing complex system architecture, data warehouses, and third-party SaaS application and applicable controls.
In-depth knowledge of products within the coverage area, including a technical understanding of current and emerging trends as well as the ability to apply in-depth understanding of the business impacts of technical contributions.
Experience intechnology and cyberrisk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organizations.
In-depth knowledge oftechnology and cyberrisks and controls across various information system architecture and engineering domains including but not limited to: data protection, identity and access management, application development and engineering;
Subject matter expert in one or more industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding oftechnology and cyberrisk mitigation strategies.
Self-motivated and goal-oriented with the ability to seize the initiative, garner consensus and develop and implement an effective strategy. Demonstrates a high level of analytical rigor in formulating strategies, goals and measuring results.
Sense of urgency in implementing programs and evaluating priorities; decisive, action-oriented and practical.
Willingness to challenge and question the status quo, making recommendations for options and best solutions.
Demonstrated strategic thinking skills. Organizationally astute, with influencing, collaboration and communication skills. Personal presence, intellect, energy and drive to succeed in a high-performance environment.
Able to analyze and think through highly complex issues, but then appropriately execute and implement against a well thought through framework in a seamless manner. A global citizen who is comfortable in all geographies, regions and cultures.
Strong leadership, communication, and presentation skills including the ability to adapt his/her style to suit the different needs of any audience.